After being stopped for several hours, BNB Chain has resumed the blockchain. Hackers tried to steal $560 million worth of BNB tokens from the blockchain bridge overnight. More than $100 million was successfully siphoned off to other chains.
Changpeng Zhao (Binance CEO) tweeted the story at 7:51 PM ET. “An exploit on the cross-chain bridge, BSC Token Hub resulted in additional BNB,” CZ stated. We have asked all validators to temporarily suspend BSC. This issue is now resolved. Your funds are secure. We are sorry for any inconvenience caused and will update you accordingly.
After an overnight hack that took more than \$100 million, BNB Chain restarted blockchain operations on Friday.
The hack forced the network to close for several hours.
Hackers tried to steal $560 million worth of BNB tokens from the BSC Token Hub overnight. This is the cross-chain bridge that connects the network and other blockchains. They managed to siphon an estimated $100 million to $130 million to other chains.
Changpeng Zhao, CEO of BNB Chain founder Binance, tweeted that the chain would be down for maintenance while it investigated the attack. It would also provide updates via Twitter. At 2:53 AM. Today at 2:53 a.m. ET, the network was restarted. It now runs normally, with validators for the blockchain having resumed operations.
Around 6 p.m. Unknown hacker stole 2 million BNB tokens, worth approximately $560 million, from the bridge of the network’s infrastructure on Thursday at 6 p.m. ET. Security analysts and data from on-chain indicate that the exploit was caused by a bug in the bridge, which enabled the attacker to create security proofs.
The BSC Token hub is a bridging platform which facilitates assets to move across different blockchain protocols. The bridge allows users to send assets from one blockchain protocol to another. This process locks assets and mints a wrapped version on the destination chain.
The Binance Bridge verification proofs had a bug that could have allowed attackers to forge arbitrary messages, said a pseudonymous security analyst in a Tweet.
The team responded to the attack by shutting down its validators, which was meant to stop the entire network. This was done to stop the attacker from leaving tracks and to salvage any exploited funds the attacker may have left on the network.
According to data from security firm Slow Mist , \$127 million was sent via the bridge from Ethereum to other chains like Polygon, Arbitrum and Avalanche. Nearly $429 million of the total remained on BNB Chain. Although it is not clear if the team has frozen these funds, it seems more likely.